RE: [squid-users] Squid content filtering and redirection

From: Amos Jeffries <>
Date: Wed, 10 Nov 2010 22:31:37 +0000

On Wed, 10 Nov 2010 23:03:49 +0100, Tóth Tibor Péter wrote:
> Thank you Helmut!
> It seems to be something that I've been looking for.
> Two more additional questions:
> 1.) You deny access to everything in "verboten" and allow only
> In the Verboten acl you dont have to specify sites you allow access to.
> mean I dont want to type in the whole internet just to allow access for
> sites doesn't containing words in their URL-s. So the question is: Could
> be empty, and just the Deny file would contain words that is not allowed
> URLs?

Welcome to the newbie admins filter game.
Where there are only two outcomes; you loose in small increments or you
quit playing.

To re-hash the most famous example:
 blacklist contains "cunt"
 whitelist contains ""

(Cant use "scunthorpe" because of "scunthorpecunts" whose admin is also
playing ... against you)

You may end up tying the entire Internet into your filter rules anyways.
It will just take a long time to figure that out. The last relatively
decent blacklist I saw had several hundred thousand entries.

The main defense in this game is top-level policy support, enforcement and
STRONG punishments for users caught bypassing the filters.

> 2.) How can you redirect? If someon trying to access a site that's been
> denied, what informatin will they get? It's fine if some html file is
> posted inside of squid or something. I can modify that, just have
> to say, that the site is not allowed!
> Thanks,
> Tibby
> -----Original Message-----
> From: Helmut Hullen
> Hallo, Tóth,
> Du meintest am 10.11.10:
>>>> Is there a way to deny access to sites containing certain words?
>>>> I'm thinking aoubt a wordlist or something?
>>> Perhaps you are searching something like "squidGuard".
>> It's possible, I just would like to know if this could be done within
>> squid itself. Also a little bit of modification.
>> I would like to look for "ABC" word only in the site name, not in
>> it's content. Like deny access to but dont
>> filter a site containg some paragraphs about ABC-s.
>> Could it be done?
> [please don't top post, please don't fullquote - thank you]
> One possible way:
> In "squid.conf"
> # Schmuddelfilter
> include /etc/squid/conf.d/schmuddel.conf
> with the file "/etc/squid/conf.d/schmuddel.conf"
> # Schmuddelfilter
> acl verboten url_regex "/etc/squid/schmuddel"
> acl ausnahme url_regex "/etc/squid/whitelist"
> http_access allow ausnahme
> http_access deny verboten
> and the wordlist files "/etc/squid/schmuddel" and "/etc/squid/verboten",

> one entry per line.
> As far as I know "squid" can't check the contents but only can check
> URLs etc.
> Viele Gruesse!
> Helmut
Received on Wed Nov 10 2010 - 22:31:39 MST

This archive was generated by hypermail 2.2.0 : Thu Nov 11 2010 - 12:00:06 MST